<?php
require_once '../lib/controllerWithoutGetOrPost.php';
require_once 'header2.php';
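// Save handler: writes an edited remembrance comment back to the database when
// the edit form on this page is submitted.
// NOTE(review): no anti-CSRF token is verified before this state-changing POST,
// and no authorisation check is visible in this file. Presumably header2.php
// enforces the login -- confirm, and add a per-session token to the form and
// to this handler.
if (isset($_POST['action']) && $_POST['action'] === 'save') {
    // isset() above keeps plain GET requests from raising an undefined-index notice.
    // Require a string body so a crafted "comment[]=" array never reaches $db->escape().
    $rawComment = isset($_POST['comment']) ? $_POST['comment'] : null;
    // intval() guarantees the %d placeholder below only ever receives an integer.
    $commentId = (isset($_POST['commentid']) && is_scalar($_POST['commentid']))
        ? intval($_POST['commentid'])
        : 0;
    $success = false;
    if (is_string($rawComment)) {
        // The statement is assembled with sprintf(), so the quoted '%s' is only as
        // safe as $db->escape() (defined outside this file). Prefer a parameterised
        // statement if the $db wrapper offers one.
        $comment = $db->escape($rawComment);
        $sql = <<< EOT
        UPDATE RemembranceComment
        SET Comment = '%s'
        WHERE ID = %d
EOT;
        $sql = sprintf($sql, $comment, $commentId);
        $success = $db->query($sql);
    }
    if ($success) {
        echo '<p>Update succeeded</p>';
    } else {
        echo '<p>Update failed</p>';
    }
    echo '<p><a href="remembrancecomment.php">Remembrance Comments</a></p>';
}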
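// Edit form: loads the comment named by ?commentid= and renders it in a form
// that posts back to this script with action=save.
if (!empty($_GET['commentid']) && is_scalar($_GET['commentid'])) {
    // intval() keeps the %d placeholder numeric, so no escaping is needed for the ID.
    $commentId = intval($_GET['commentid']);
    $sql = <<< EOT
        SELECT Comment
        FROM RemembranceComment
        WHERE ID = %d
EOT;
    $sql = sprintf($sql, $commentId);
    $result = $db->query($sql);
    // Guard against a failed query or an unknown ID instead of indexing a missing row.
    $row = $result ? $db->fetch($result) : null;
    if (!$row) {
        echo '<p>Comment not found</p>';
    } else {
        $commentField = $db->unescape($row['Comment']);
        // NOTE(review): $html->text() is defined elsewhere and presumably HTML-encodes
        // its argument; confirm, because the stored comment is user-supplied and is
        // emitted inside the <textarea> below.
        $comment = $html->text($commentField);
        // PHP_SELF reflects the request path, including any trailing path info the
        // client appended, so it must be encoded before it goes into the attribute.
        $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
        echo <<< EOT
<h2>Edit Comment</h2>
<form method="POST" action="$formAction">
    <input type="hidden" name="action" value="save">
    <input type="hidden" name="commentid" value="$commentId">
    <fieldset>
        <legend>Comment to edit</legend>
        <textarea name="comment" cols="50" rows="20">$comment</textarea>
    </fieldset>
    <p><input type="submit" value="Save Comment"></p>
</form>

EOT;
    }
}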

?>
